<?php
// Direct-access guard: this script is only meant to run after the CMS entry
// point has defined INEZCMS; a request that reaches the file any other way
// is terminated before any login logic executes.
defined('INEZCMS') or exit('Access Denied');

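/*
 * Member login handler.
 *
 * POST with a non-empty "sub" field: applies the IP limit, checks the form
 * token against the session, validates the username and password format,
 * authenticates through uc_user_login() (by username, then by e-mail), loads
 * the local "member" row, records the login and redirects.
 * Any other request: stores the return URL in $url_from.
 *
 * NOTE(review): every rejection below (banned IP, invalid name, locked
 * account, ...) only holds if jump() ends the request. One call site follows
 * jump() with an explicit exit, so that may not be guaranteed - confirm.
 * NOTE(review): no captcha check is performed here; limit_ip() is the only
 * throttle visible in this script.
 */
if (isset($_POST['sub']) && $_POST['sub'] != '') {

	if (limit_ip('user_limit_ip')) {
		jump(-1, 54); // banned IP
	}

	// Form token: both sides must be present and non-empty. A loose comparison
	// would accept a request with no token when the session holds none either.
	$posted_token = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';
	$session_token = (isset($_SESSION['WSTOKEN_NAME']) && is_scalar($_SESSION['WSTOKEN_NAME']))
		? (string)$_SESSION['WSTOKEN_NAME']
		: '';
	$tokens_match = false;
	if ($posted_token !== '' && $session_token !== '') {
		// hash_equals() compares in constant time; fall back to a strict
		// comparison on runtimes that do not provide it.
		$tokens_match = function_exists('hash_equals')
			? hash_equals($session_token, $posted_token)
			: ($session_token === $posted_token);
	}
	if (!$tokens_match) {
		exit;
	}

	// Only string fields are accepted; arrays or missing fields become ''.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
	if (strlen($password) < 6) {
		jump(-1, 3);
		exit;
	}
	$remember = (isset($_POST['remember']) && is_string($_POST['remember'])) ? (int)trim($_POST['remember']) : 0;
	$from = (isset($_POST['from']) && is_string($_POST['from'])) ? trim($_POST['from']) : '';

	$shield_arr = ez_get_cache('no_words'); // blocked-word list
	$username_pass = reg_name($username, 3, 30, $shield_arr);
	if ($username_pass == -1) {
		jump(-1, 1); // invalid username
	} elseif ($username_pass == -2) {
		jump(-1, 2); // contains a blocked word
	}

	$password_pass = reg_password($password);
	if ($password_pass == 0) {
		jump(-1, 3); // wrong password length
	}

	$errorid = 0;

	include EZROOT.'/comm/uc_define.php';
	include_once EZROOT.'/uc_client/client.php';

	// First attempt: treat the submitted value as a username.
	list($ucid, $uc_name, $pwd, $email) = uc_user_login($username, $password);
	if ($ucid == -1) {
		// Not found by name: retry treating the value as an e-mail address.
		list($ucid, $uc_name, $pwd, $email) = uc_user_login($username, $password, 2);
	}

	$ezuser = array();
	if ($ucid > 0) {
		// NOTE(review): this WHERE clause is built by concatenating the submitted
		// value. The only guard visible here is reg_name(); confirm that it rejects
		// quotes and backslashes, or switch to the DB layer's escaping/binding.
		$ezuser = $ezhand->select('member', 'id,username,email,islock,password,nickname', 'username="'.$username.'" or email="'.$username.'"');
		$id = isset($ezuser['id']) ? $ezuser['id'] : 0;
		if (!$id) {
			jump(-1, 4);
		}
	} else {
		jump(-1, 4); // wrong account or password
	}

	// Integer cast keeps the id safe to embed in the UPDATE condition below and
	// yields 0 (rejected) when no member row was loaded.
	$uid = isset($ezuser['id']) ? (int)$ezuser['id'] : 0;

	if ($uid > 0) { // member exists
		$id = $uid;
		// Prefer the nickname for the session display name.
		if ($ezuser['nickname'] <> '') {
			$username = $ezuser['nickname'];
		} else {
			$username = $ezuser['username'];
		}

		$email = $ezuser['email'];
		$islock = $ezuser['islock'];
		if ($islock == 1) {
			jump(-1, '您的账号未审核通过！');
		}

		// "Remember me" keeps the login for 100 days; otherwise no lifetime is passed.
		$life = ($remember == 1) ? 3600 * 24 * 100 : '';
		// NOTE(review): no session-id regeneration is visible here; confirm that
		// user_login() issues a fresh session id on login.
		user_login($uid, $username, $life); // establish the logged-in state

		$set_con_arr = array(
			array('f' => 'lastip', 'v' => get_client_ip()),
			array('f' => 'lastdate', 'v' => time()),
			array('f' => 'loginnum', 'e' => '+', 'v' => 1),
		);
		$ezhand->update('member', $set_con_arr, 'id="' . $uid . '"');
		if ($ucid > 0 && AJAX == 0) {
			echo $ucsynlogin = uc_user_synlogin($ucid); // UCenter sync-login markup
		}

		// Default landing page, made absolute the same way as before.
		$goto = u('user', 'index');
		if (strpos($goto, 'http://') === false) {
			$goto = SITEURL.'/'.$goto;
		}

		// "from" is client-supplied, so it is honoured only when it stays on this
		// site: an absolute URL under SITEURL, or a relative path that is then
		// anchored to SITEURL. Values with control characters, another scheme or
		// a leading "//" fall back to the default page.
		if ($from != '' && !preg_match('/[\x00-\x1f\x7f]/', $from)) {
			$site_base = rtrim(SITEURL, '/');
			if ($from === $site_base || strpos($from, $site_base.'/') === 0) {
				$goto = $from;
			} elseif (!preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $from)) {
				$goto = SITEURL.'/'.$from;
			}
		}

		jump($goto);
	} else {
		jump(-1, 4); // wrong account or password
	}
} else {
	// Return URL for the login form, taken from the first of url / forward /
	// from that is present, else from the Referer header.
	// NOTE(review): this value is client-controlled; whatever consumes $url_from
	// (not visible here) has to escape it for its output context.
	if (isset($_GET['url'])) {
		$url_from = $_GET['url'];
	} elseif (isset($_GET['forward'])) {
		$url_from = $_GET['forward'];
	} elseif (isset($_GET['from'])) {
		$url_from = $_GET['from'];
	} else {
		// The Referer header is optional; avoid an undefined-index notice.
		$url_from = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	}
}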
?>